更多"[多选题]By default FortiGate is config"的相关试题:
[单选题]
Which certificate value can FortiGate use to determine the relationship between the issuer and the certificate?
A. Subject Key Identifier value
B. SMMIE Capabilities value
C. Subject value
D. Subject Alternative Name value
[单选题]
What inspection mode does FortiGate use if it is configured as a policy-based next-generation firewall (NGFW)?
A. Full Content inspection
B. Proxy-based inspection
C. Certificate inspection
D. Flow-based inspection
[多选题]
Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)
A. Source defined as Internet Services in the firewall policy.
B. Destination defined as Internet Services in the firewall policy.
C. Highest to lowest priority defined in the firewall policy.
D. Services defined in the firewall policy.
E. Lowest to highest policy ID number.
[多选题]
FortiGate is configured as a policy-based next-generation firewall (NGFW) and is applying web filtering and application control directly on the security policy.
Which two other security profiles can you apply to the security policy? (Choose two.)
A. Antivirus scanning
B. File filter
C. DNS filter
D. Intrusion prevention
[单选题]
Examine this FortiGate configuration:
Examine the output of the following debug command:
Based on the diagnostic outputs above how is the FortiGate handling the traffic for new sessions that require inspection?
A. It is allowed but with no inspection
B. It is allowed and inspected as long as the inspection is flow based
C. It is dropped.
D. It is allowed and inspected as long as the only inspection required is antivirus.
[单选题]
Which security feature does FortiGate provide to protect servers located in the internal networks from attacks such as SQL injections?
A. Denial of Service
B. Application control
C. Antivirus
D. Web application firewall
[单选题]
Examine this FortiGate configuration:How does the FortiGate handle web proxy traffic coming from the IP address 10.2.1.200 that requires
Authorization?
A. It always authorizes the traffic without requiring authentication.
B. It drops the traffic.
C. It authenticates the traffic using the authentication scheme SCHEME2.
D. It authenticates the traffic using the authentication scheme SCHEME1.
[单选题]
What is the primary FortiGate election process when the HA override setting is disabled?
A. Connected monitored ports > System uptime > Priority > FortiGate Serial number
B. Connected monitored ports > HA uptime > Priority > FortiGate Serial number
C. Connected monitored ports > Priority > HA uptime > FortiGate Serial number
D. Connected monitored ports > Priority > System uptime > FortiGate Serial number
[单选题]
Which scanning technique on FortiGate can be enabled only on the CLI?
A. Heuristics scan
B. Trojan scan
C. Antivirus scan
D. Ransomware scan
[单选题]
You have enabled logging on your FortiGate device for Event logs and all Security logs and you have set up logging to use the FortiGate local disk.
What is the default behavior when the local disk is full?
A. Logs are overwritten and the only warning is issued when log disk usage reaches the threshold of 95%.
B. No new log is recorded until you manually clear logs from the local disk.
C. Logs are overwritten and the first warning is issued when log disk usage reaches the threshold of 75%.
D. No new log is recorded after the warning is issued when log disk usage reaches the threshold of 95%.
[多选题]
Which two statements are true when FortiGate is in transparent mode? (Choose two.)
A. By default all interfaces are part of the same broadcast domain.
B. The existing network IP schema must be changed when installing a transparent mode.
C. Static routes are required to allow traffic to the next hop.
D. FortiGate forwards frames without changing the MAC address.
[单选题]
Which type of logs on FortiGate record information about traffic directly to and from the FortiGate management IP addresses?
A. System event logs
B. Forward traffic logs
C. Local traffic logs
D. Security logs
[单选题]
A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub interfaces added to the physical interface.
Which statements about the VLAN sub interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
A. The two VLAN sub interfaces can have the same VLAN ID only if they have IP addresses in different subnets.
B. The two VLAN sub interfaces must have different VLAN IDs.
C. The two VLAN sub interfaces can have the same VLAN ID only if they belong to different VDOMs.
D. The two VLAN sub interfaces can have the same VLAN ID only if they have IP addresses in the same subnet.
[单选题]
How do you format the FortiGate flash disk?
A. Load a debug FortiOS image.
B. Load the hardware test (HQIP) image.
C. Execute the CLI command execute formatlogdisk.
D. Select the format boot device option from the BIOS menu.
[单选题]
How does FortiGate act when using SSL VPN in web mode?
A. FortiGate acts as an FDS server.
B. FortiGate acts as an HTTP reverse proxy.
C. FortiGate acts as DNS server.
D. FortiGate acts as router.
[单选题]
Why does FortiGate keep TCP sessions in the session table for some seconds even after both sides (client and server) have terminated the session?
A. To remove the NAT operation.
B. To generate logs
C. To finish any inspection operations.
D. To allow for out-of-order packets that could arrive after the FIN/ACK packets.
[单选题]
View the exhibit.
A user behind the FortiGate is trying to go to http://www.addictinggames.com (Addicting Games).
Based on this configuration which statement is true?
A. Addicting.Games is allowed based on the Application Overrides configuration.
B. Addicting.Games is blocked on the Filter Overrides configuration.
C. Addicting.Games can be allowed only if the Filter Overrides actions is set to Exempt.
D. Addcting.Games is allowed based on the Categories configuration.
[单选题]
Why does FortiGate Keep TCP sessions in the session table for several seconds even after both sides (client and server) have terminated the session?
A. To allow for out-of-order packets that could arrive after the FIN/ACK packets
B. To finish any inspection operations
C. To remove the NAT operation
D. To generate logs
